Codat uses API keys to control access to the API.

You must keep the API key secret, so make sure it isn't available in publicly accessible areas, such as GitHub and client-side code. Codat recommends the API key is only inserted at release time, and the number of people at your organisation with access to your API key is minimised.

Codat expects the API key to be included in all API requests to the server, Base64 encoded within an 'Authorization' header.

Authorization: Basic YOUR_ENCODED_API_KEY

Replace YOUR_ENCODED_API_KEY with your API key encoded into Base64.


Getting your API Key

Admin and Developer users can view and regenerate API keys and authorization headers from the Codat Portal. Go to Settings > Organization settings and scroll down to the API access section.

Did this page help you?